266 matches found
[ECHO_ADV_77$2007] Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability
ECHOADV77$2007 ----------------------------------------------------------------------------------------- ECHOADV77$2007 Study planner Studiewijzer = 0.15 Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ======================================================================== Study planner Studiewijzer = 0.15 Remote File Inclusion Vulnerability ======================================================================== ...
study planner (studiewijzer) 0.15 - Remote File Inclusion
study planner studiewijzer 0.15 - Remote File Inclusion ECHOADV77$2007 ----------------------------------------------------------------------------------------- ECHOADV77$2007 Study planner Studiewijzer = 0.15 Remote...
Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability
No description provided by source. '/ -.- ---------------------oOO------OOo--------------------- | Magic CMS v4.2.747 mysave.php Remote File Inclusion | | works only with register_globals = on | | coded by DNX | --------------------------------------------------------- ! Discovered: DNX ! Vendor:...
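RunCms SQL Injection Vulnerability
RunCms is a PHP-based content management program. RunCms does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that multiple scripts do not filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic and expose sensitive information. RunCMS RunCMS 1.4.1 RunCMS RunCMS 1.2 RunCMS RunCMS 1.1 A RunCMS RunCMS 1.1 RunCMS RunCMS 1.3.a5 RunCMS RunCMS 1.3.a2 RunCMS RunCMS 1.3.a No solution is currently available; please watch the following link:...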
phpcms 3.0.0 File Upload Vulnerability
Vulnerable files: ads/upload.php, uppic.php require PHPCMSROOT."/class/upload.php"; if!$userid message"请您先登录或注册!" , PHPCMSPATH."member/login.php"; if$extid==1 $upfiletype= "jpg|png|gif"; elseif $extid==2 $upfiletype= "swf"; if$action=='upload' $fileArr = array 'file'=$uploadfile, 'name'=$uploadfilename,...
Multiple bugs in TFT-Gallery
Script Name: TFT-Gallery Authors: Mike Scalora, Eric Thelin, Sascha Lorenz & Jan Berndt Website: http://tftgallery.sourceforge.net Bug Report: NetJackal njAThackerzDOTir & nima501ATyahooDOTcom Status: Patch not released First I should apologize for my bad English. Intro: TFT-Gallery is a PHP-base...
Etomite CMS index.php id Parameter SQL Injection
The remote web server is running Etomite CMS, a PHP-based content management system. The version of Etomite CMS installed on the remote host fails to sanitize input to the 'id' parameter before using it in the 'index.php' script in a database query. Provided PHP's 'magic_quotes_gpc' setting is...
TorrentFlux2.1.txt
Dorkfire.com Security Advisory Discovered By: [email protected] Type of problem: Directory Traversal Software: TorrentFlux 2.1 Software Description: TorrentFlux is a FREE PHP based Torrent client that runs on a web server. Manage all of your Torrent downloads through a convenient web interface...
DEVWeb-1.5.txt
This is a multi-part message in MIME format. ------=NextPart00101C6F219.260F14A2 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -=3D--------------------ADVISORY-------------------=3D- -=3D = =3D- -=3D DEV Web Manager System "alert775195196%= 3B ..::...
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting
MajorSecurity 24 Fire-Mouse TopList =v1.1 - Cross Site Scripting ---------------------------------------------------------------------------------------- Software: Fire-Mouse TopList v1.1 Version: 1.1 Type: Cross site scripting Vendor: Fire-Mouse.com Page: http://www.fire-mouse.com TIMELINE:...
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities
MajorSecurity 25 Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities ---------------------------------------------------------------------------------------- Software: Advanced Guestbook for phpBB Version: 2.4 Type: Cross site scripting + SQL Injection Made public:...
DSChat <= 1.0 XSS
DSChat = 1.0 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement DSChat is a PHP-based chatscript which does no filtering against XSS whatsoever, thus allowing anyone to insert html or javascript in the chatbox. Nomenumbra...
unb_161p1_incl_xpl.txt
!/usr/bin/php -q -d shortopentag=on ? echo "Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n"; echo "local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "works with registerglobals = On & magicquotesgpc =...
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 1056-1 [email protected] http://www.debian.org/security/ Martin Schulze May 15th, 2006 http://www.debian.org/security/faq -...
DSA-1056-1 webcalendar - verbose error message
Bulletin has no description...
Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit
Exploit for unknown platform in category web applications ========================================================================= Unclassified NewsBoard = 1.6.1 patch 1 Arbitrary Local Inclusion Exploit ========================================================================= !/usr/bin/php -q -...
Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion
!/usr/bin/php -q -d shortopentag=on ? echo "Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n"; echo "local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "works with registerglobals = On & magicquotesgpc =...
Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n"; echo "local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "works with...
Cute Guestbook Remote XSS Exploit
------------------------------------------------------------------ - Cute Guestbook Remote XSS Exploit - -= http://colander.altervista.org/advisory/CuteGuestbook.txt =- ------------------------------------------------------------------ -= Cute Guestbook =- Omnipresent May 04, 2006 Vulnerabilities:...